How do energy and utility companies handle Protected Critical Infrastructure Information and classified threat briefings as records?
Energy and utility companies sit at an unusual intersection: they are private entities that nonetheless hold information the federal government treats as sensitive or classified. Two categories drive most of the recordkeeping complexity — Protected Critical Infrastructure Information (PCII) and classified threat briefings shared by government partners.
Protected Critical Infrastructure Information
PCII is a category of sensitive-but-unclassified information that critical infrastructure owners voluntarily submit to the federal government. When properly submitted and validated, it receives legal protections that limit its disclosure, including shielding from public-records requests and from certain uses in civil litigation.
For records purposes, PCII is generally handled under the federal Controlled Unclassified Information (CUI) framework, which standardizes how sensitive unclassified information is marked, safeguarded, and disseminated. Practical implications include:
- Applying the correct markings and access controls so the information is not inadvertently released.
- Restricting access to personnel who are trained and authorized.
- Tracking custody and disposition so the company can demonstrate compliance if audited.
Classified Threat Briefings
When government agencies share classified threat information with cleared utility staff, that information remains the property of the originating agency and stays under the federal classification system. A private company does not own or control the classification of such material.
This means companies typically must:
- Store and handle the material only in authorized, accredited environments.
- Limit access to individuals holding the appropriate clearance and need-to-know.
- Follow the originating agency’s instructions for retention, return, or destruction — companies generally cannot unilaterally declassify or release it.
Declassification authority rests with the government, under oversight from the Information Security Oversight Office, not with the recipient utility.
Practical Records Guidance
The two streams should be governed by clear, documented policies that map each information type to its legal basis, handling rules, and disposition path. Treat PCII and classified material as distinct from ordinary business records, log access, and coordinate with the relevant federal program offices before releasing, transferring, or destroying anything.
For broader context on how classified material moves through review and release over time, see the declassification topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Controlled Unclassified Information (CUI) — National Archives (NARA)
- Information Security Oversight Office (ISOO) — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). How do energy and utility companies handle Protected Critical Infrastructure Information and classified threat briefings as records?. Records Management University. https://www.recordsmgmt.org/questions/how-do-energy-utility-companies-handle-pcii-and-classified-threat-briefings-as-records/
MLA
RM University Editorial. "How do energy and utility companies handle Protected Critical Infrastructure Information and classified threat briefings as records?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-do-energy-utility-companies-handle-pcii-and-classified-threat-briefings-as-records/.
Related questions
- Can a hospital or research university hold classified records, and how do FCL and HIPAA rules interact?
- Can a law firm representing a government client retain classified discovery, and who declassifies it after the case?
- Can a multinational company use ISO 15489 as a single recordkeeping standard across all of its countries?
- Can a private citizen request that a specific classified record be declassified?
- Can AI and machine learning reliably assist with declassification review of classified records?